CVE-2015-7818 - Vulnerability Details - OpenCVE

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	System Networking Switch Center
Lenovo	Switch Center

Configuration 1 [-]

cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
https://support.lenovo.com/us/en/product_security/len_2015_074

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-12T02:00:00

Updated: 2024-08-06T07:59:00.649Z

Reserved: 2015-10-14T00:00:00

Link: CVE-2015-7818

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-11-12T03:59:06.500

Modified: 2024-11-21T02:37:27.750

Link: CVE-2015-7818

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-12T02:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7818", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"}, {"name": "https://support.lenovo.com/us/en/product_security/len_2015_074", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:59:00.649Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7818", "datePublished": "2015-11-12T02:00:00", "dateReserved": "2015-10-14T00:00:00", "dateUpdated": "2024-08-06T07:59:00.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F78E25E-A371-486B-A7A4-C82F806266ED", "versionEndIncluding": "7.3.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B2AC6A9-DF5D-451C-83F6-BE2066527F30", "versionEndIncluding": "8.1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."}, {"lang": "es", "value": "El servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a usuarios locales ejecutar c\u00f3digo JSP arbitrario con privilegios SYSTEM usando el m\u00e9todo de lanzamiento Apache Axis AdminService para instalar un archivo .jsp."}], "id": "CVE-2015-7818", "lastModified": "2024-11-21T02:37:27.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-12T03:59:06.500", "references": [{"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}